CVE-2018-9064

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.

Published : 2018-07-30 16:29 Updated : 2019-10-03 00:03

4.0
CVSS Score More info
Score 4.0 / 10
4.0
Vendor Product Version URI
Lenovo Xclarity Administrator 2.0.0 cpe:/a:lenovo:xclarity_administrator:2.0.0
Lenovo Xclarity Administrator 1.0.1 cpe:/a:lenovo:xclarity_administrator:1.0.1
Lenovo Xclarity Administrator 1.0.3 cpe:/a:lenovo:xclarity_administrator:1.0.3
Lenovo Xclarity Administrator 1.1.0 cpe:/a:lenovo:xclarity_administrator:1.1.0
Lenovo Xclarity Administrator 1.1.1 cpe:/a:lenovo:xclarity_administrator:1.1.1
Lenovo Xclarity Administrator 1.2.1 cpe:/a:lenovo:xclarity_administrator:1.2.1
Lenovo Xclarity Administrator 1.2.2 cpe:/a:lenovo:xclarity_administrator:1.2.2
Lenovo Xclarity Administrator 1.3.0 cpe:/a:lenovo:xclarity_administrator:1.3.0
Lenovo Xclarity Administrator 1.3.1 cpe:/a:lenovo:xclarity_administrator:1.3.1
Lenovo Xclarity Administrator 1.3.2 cpe:/a:lenovo:xclarity_administrator:1.3.2
Lenovo Xclarity Administrator 1.4.0 cpe:/a:lenovo:xclarity_administrator:1.4.0
  1. Lenovo (1) Search CVE
    1. Xclarity Administrator (11) Search CVE
      1. 2.0.0
      2. 1.0.1
      3. 1.0.3
      4. 1.1.0
      5. 1.1.1
      6. 1.2.1
      7. 1.2.2
      8. 1.3.0
      9. 1.3.1
      10. 1.3.2
      11. 1.4.0

CWE

There is no CWE for this CVE.

History of changes

Date Event
2019-10-03 00:03
2018-10-03 16:10
2018-07-30 16:29

New CVE